Our customer wanted to develop a comprehensive security platform integrating NGFW, IPS and WAF. They wanted the platform to allow their own proprietary ML-based security module to be plugged in. Additionally, they wanted the platform to support monitoring and scanning of traffic at rates of up to 15 Gbps.
Machine Learning Enabled Security Platform
- Integrating many diverse pieces of open-source software, such as DPDK, VPP, Snort, SSL-split and ModSec.
- Achieving 15mbps of throughput with CPU-intensive services such as Snort, ML and ModSec.
Developed the security platform, then integrated and tested the following security features:
- Web Application Firewall with OWASP Top 10 checks.
- Intrusion Detection and Prevention.
- Spyware, ransomware, and advanced persistent threat detection using machine learning.
- Added support for running multiple concurrent instances of different security services.
DPDK, VPP, Snort, ModSec, SSL-split
- Used the DPDK + VPP software stack to provide Layer 2-4 networking and the stateful firewall.
- Utilized open-source components for IPS (Snort), SSL proxy (OpenSSL and SSL-split) and WAF (ModSec).
- By fully harnessing the power of multicore CPUs and using multiple instances of individual services, we were able to split the load between services and process multiple sessions in parallel.
- We defined configurable service chain rules per flow of packets to make sure a packet is received and handled by only the services configured.
- Utilized Intel Hyperscan technology to speed up pattern and signature matching for ML.
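The per-flow service chaining and multi-instance load splitting described in the list above can be modelled as follows. This is an added example, not code from the platform itself; the rule format, service names, instance counts and addresses are all constructed assumptions.

```python
import ipaddress
import zlib
from collections import namedtuple

# 5-tuple describing one packet's flow; proto 6 = TCP, 17 = UDP.
Flow = namedtuple("Flow", "src dst sport dport proto")

# Hypothetical rule table: (destination prefix, proto, destination port or None, chain).
# First match wins; a service that is not in the chain never receives the packet.
RULES = [
    ("10.0.1.0/24", 6, 443, ("ssl_proxy", "waf", "ips")),
    ("10.0.1.0/24", 6, 80, ("waf", "ips")),
    ("10.0.0.0/16", 6, None, ("ips", "ml")),
]
# Hypothetical number of concurrent instances per service.
INSTANCES = {"ssl_proxy": 2, "waf": 4, "ips": 4, "ml": 2}


def chain_for(flow):
    """Return the configured service chain for the first packet of a flow."""
    dst = ipaddress.ip_address(flow.dst)
    for prefix, proto, dport, chain in RULES:
        if (dst in ipaddress.ip_network(prefix) and proto == flow.proto
                and dport in (None, flow.dport)):
            return chain
    return ()  # unmatched flows take only the Layer 2-4 firewall path


def session_key(flow):
    """Direction-independent key: both halves of a session map to one entry."""
    a, b = sorted([(flow.src, flow.sport), (flow.dst, flow.dport)])
    return (a, b, flow.proto)


def dispatch(flow, sessions):
    """Return [(service, instance)] for a packet, pinning the session on first sight.

    Assumes the first packet seen is client-to-server, so the rules match on
    the server address. Later packets in either direction reuse the entry and
    reach the same instances, which stateful inspection requires.
    """
    key = session_key(flow)
    if key not in sessions:
        h = zlib.crc32(repr(key).encode())  # spreads sessions across instances
        sessions[key] = [(svc, h % INSTANCES[svc]) for svc in chain_for(flow)]
    return sessions[key]
```
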